
IDS Event Monitoring

lpetty
Level 1

Are there any third party products that can be used to monitor Cisco IDS sensor events? We have VMS, but would like to investigate other solutions.

1 Reply

marcabal
Cisco Employee

Yes, there are other monitoring products. Cisco itself has IEV (Intrusion Detection Event Viewer) and CTR (Cisco Threat Response) which are both available to Cisco IDS users (with service contracts) at no additional charge.

In addition Cisco sells the CiscoWorks SIMS product which is an OEM of the NetForensics product for security event monitoring of not only Cisco IDS events but also security messages from other Cisco products as well as other vendor products.

There are also a few other security monitor vendors that have incorporated an RDEP client into their products. The RDEP client is used to pull the IDS alarms from the Cisco IDS Sensors.

You should just be able to query the web looking for security monitoring products and check the documentation to see if they have incorporated an RDEP client for pulling events from Cisco IDS Sensors.

Hopefully users who have used some of these other 3rd party products for security monitoring will reply letting you know the products they are using and how things are working out for them.

------------

Side Note: VMS serves 2 main purposes: Event Viewing and Configuration Management.

For Event Viewing VMS has the Security Monitor. Other vendors' products can also be used for Event Viewing as mentioned above with the incorporation of an RDEP client.

For Configuration Management VMS has IDS Management Center. I don't know of any 3rd party products that will do configuration of the Cisco IDS sensors. So for configuration you will either need to continue using the IDS MC portion of VMS, or switch to using IDM (Intrusion Detection Device Manager) which runs on the sensor's own web browser. Be aware that you can use the IDS MC portion of VMS for configuration management, and still use another 3rd party product for Event Viewing, but the 2 products may have to be installed on separate boxes depending on OS, patch level, and JRE dependencies.